How to do a background check perform a redirect from another site via https?

on one site there are working features auto-login:
when you click on the link https://example.url/api/login/{key}/{username} the user is redirected to your personal account - https://example.url

if the data entered is correct, then is redirected to the login page - https://example.url/login

actually the problem: run the test from another domain - there was a good user for auto-login.
as I understand it, the mechanics should be as follows: performed cross-browser request for a page https://example.url/api/login/{key}/{username}, which takes into account all redirects. and in the end, it reads the url of the target page (control panel or login page)
after reading similar questions I came to the conclusion that to make such a request through curl, but itself, because of the lack of experience with it, and not mastered
September 19th 19 at 00:13
1 answer
September 19th 19 at 00:15
If the domain is same, only different ports of the processing (assuming that all virtual hosts on a single computer), the question arises - on what the hell to do it is not clear what address on curl.

If you are taking treatment to https, make required checks on the page you want to send the function change header header('location:') ( No matter what the new url.
For your task it's enough.

PS: of course such a treatment refusal GET request in itself may not be safe, matter sent if the request is http or https. The difference between these two protocols is that the latter encrypts content in transit, but not the query itself.
the domains are different. on one (example.url), the user authorization and is the control panel. on the other, say example2.URLs located the billing panel, in which the link is placed for autologin. there was a need for security to do a check on the availability of such links. so in the end, should be a function like this (of course I simplify):

$url = https://example.url/api/login/{key}/{username};
if function-to-check-autologin($url) == "true" {
//do something
} - Maurice.Spencer commented on September 19th 19 at 00:18
$url = https://example.url/api/login/{key}/{username};
if function-to-check-autologin($url) == "true" {
header('location:'.$url) ;
header('location: https://example.url/login') ; - jarret.Wa commented on September 19th 19 at 00:21
I am interested in the function itself, but not how to use it)) - Maurice.Spencer commented on September 19th 19 at 00:24
curl is usually required if you want the data via the POST method and send the return code to. It turns out this is important for example for OAuth2 loganiaceae: North must respond to only one of callback request and better over https.
To GET enough of the same code, only $data = file_get_content($url). In $data will be the contents of the response that the server displays on the page. - jarret.Wa commented on September 19th 19 at 00:27
simple queries I've tried file_get_content always reacts as if the login error, probably can't pass authorization at https - Maurice.Spencer commented on September 19th 19 at 00:30
Make a separate page and try
the following code:

// initialization
$h = curl_init();
//setup parameters for the query
curl_setopt($h, CURLOPT_URL,"httpс://myexample.EN/");
curl_setopt($h, CURLOPT_HEADER, 0);

//drag contents
$cont = curl_exec($h);
echo $cont;
//close the object

And enable output of all errors on the page. Can you curl is not installed and you do not know? - jarret.Wa commented on September 19th 19 at 00:33

Find more questions by tags HTTPSPHPWeb Development